SHA256: dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741
File name: 999bc5e16312db6abff5f6c9e54c546f.bin
Detection ratio: 56 / 68
Analysis date: 2018-08-08 18:04:24 UTC (3 months, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2319076 20180808
AegisLab Trojan.Win32.Dyreza.m!c 20180808
AhnLab-V3 Trojan/Win32.Upatre.R145921 20180808
ALYac Trojan.GenericKD.2319076 20180808
Antiy-AVL Trojan/Win32.BTSGeneric 20180808
Arcabit Trojan.Generic.D2362E4 20180808
Avast Win32:Malware-gen 20180808
AVG Win32:Malware-gen 20180808
Avira (no cloud) TR/Crypt.ZPACK.hrvh.14 20180808
AVware Trojan.Win32.Generic!BT 20180727
Baidu Win32.Trojan.Kryptik.jc 20180808
BitDefender Trojan.GenericKD.2319076 20180808
Bkav W32.ButpetginLTAAAD.Trojan 20180807
CAT-QuickHeal TrojanPWS.Dyzap.D4 20180807
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180723
Cybereason malicious.16312d 20180225
Cylance Unsafe 20180808
Cyren W32/Backdoor.JQQP-8738 20180808
DrWeb Trojan.Dyre.139 20180808
Emsisoft Trojan.GenericKD.2319076 (B) 20180808
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Battdil.P 20180808
F-Prot W32/Backdoor2.HYSA 20180808
Fortinet W32/Battdil.P!tr 20180808
GData Win32.Trojan.Agent.CVVW5B 20180808
Ikarus Backdoor.Win32.Dyreza 20180808
Sophos ML heuristic 20180717
Jiangmin Backdoor/Dyreza.ad 20180808
K7AntiVirus Trojan ( 004ba1f31 ) 20180808
K7GW Trojan ( 004ba1f31 ) 20180808
Kaspersky Backdoor.Win32.Dyreza.cu 20180808
Malwarebytes Trojan.Agent.DYR 20180808
MAX malware (ai score=100) 20180808
McAfee Generic.wk 20180808
McAfee-GW-Edition BehavesLike.Win32.RansomLocky.hh 20180808
Microsoft PWS:Win32/Dyzap.N 20180808
eScan Trojan.GenericKD.2319076 20180808
NANO-Antivirus Trojan.Win32.Dyre.efhazr 20180808
Palo Alto Networks (Known Signatures) generic.ml 20180808
Panda Trj/WLT.B 20180808
Qihoo-360 HEUR/QVM02.0.Malware.Gen 20180808
Rising Backdoor.Win32.Dyreza.d (CLOUD) 20180808
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-L 20180808
Symantec Trojan.Gen 20180808
Tencent Win32.Backdoor.Dyreza.Hvjf 20180808
TheHacker Trojan/Battdil.p 20180807
TrendMicro TSPY_DYRE.YUYCH 20180808
TrendMicro-HouseCall TSPY_DYRE.YUYCH 20180808
VBA32 OScope.Malware-Cryptor.Hlux 20180808
VIPRE Trojan.Win32.Generic!BT 20180808
ViRobot Backdoor.Win32.S.Dyreza.586752 20180808
Webroot Infostealer.Dyzap.M 20180808
Yandex Backdoor.Dyreza! 20180808
Zillya Backdoor.Dyreza.Win32.472 20180808
ZoneAlarm by Check Point Backdoor.Win32.Dyreza.cu 20180808
Alibaba 20180713
Avast-Mobile 20180808
Babable 20180725
ClamAV 20180808
CMC 20180808
Comodo 20180808
eGambit 20180808
F-Secure 20180728
Kingsoft 20180808
SUPERAntiSpyware 20180808
Symantec Mobile Insight 20180801
TACHYON 20180808
TotalDefense 20180808
Trustlook 20180808
Zoner 20180808
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1995-02-03 05:42:51
Entry Point 0x0004CB9C
Number of sections 4
PE sections
PE imports
_acmdln_dll
_exit
exit
_XcptFilter
__GetMainArgs
_initterm
_local_unwind2
_fmode_dll
_commode_dll
_global_unwind2
GetStartupInfoA
lstrcpyW
lstrlenW
LoadLibraryW
GetFileSize
SetCurrentDirectoryW
GetModuleFileNameW
CreateFileW
GetCommandLineW
HeapAlloc
CloseHandle
Sleep
lstrcatW
ReadFile
GetProcAddress
GetModuleHandleA
GetProcessHeap
SHGetFolderPathW
GetParent
UpdateWindow
GetScrollRange
GetScrollInfo
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetWindowLongW
GetMenu
RegisterClassExW
MoveWindow
TranslateMessage
DispatchMessageW
EndDeferWindowPos
SendMessageW
GetWindowLongW
GetWindowPlacement
LoadStringW
SetWindowTextW
DrawTextW
EnableMenuItem
FrameRect
InvalidateRect
GetClassNameW
GetKeyboardState
GetActiveWindow
GetClientRect
DeferWindowPos
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
EnableWindow
GetMenuItemID
IsChild
DestroyWindow
Number of PE resources by type
RT_BITMAP 2
RT_DIALOG 2
RT_ICON 2
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ROMANIAN 6
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1995:02:03 06:42:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 369152
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 220672
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x4cb9c
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 999bc5e16312db6abff5f6c9e54c546f
SHA1 c19761497efcdf156f50c014e7520fdae40822e7
SHA256 dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741
ssdeep 12288:wZ2BkVm1YvrIm9/nefmiM+Si2BiYRdAugT:GVm2rvJgmX+n2oYRdvA
authentihash 11d05cb50f72d63ef1ea1553bd1e265225f090910b50da3328e78e48c536ec27
imphash 486eda0988c03bbb173c5b351c4e5c49
File size 573.0 KB ( 586752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe via-tor
VirusTotal metadata
First submission 2015-04-23 11:19:18 UTC (3 years, 7 months ago)
Last submission 2018-06-26 07:16:42 UTC (4 months, 3 weeks ago)
File names FxBgIkuSnaSdNag.exe
PJxxPmsEMVfLxoy.exe
dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741.exe
dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741.bin
dc276b0113694ecc62913311e2580857754aa890173dfaa9d95afad6396bb741.exe
TuLvKILGNXyBekE.exe
nauabdjg.exe.dr
UnknownMalware (1).bin
JsbQyXtJhvKxFPS.exe
localfile~
killappp
999BC5E16312DB6ABFF5F6C9E54C546F.bin
clqjyvij.exe
New Dyre Malware
DC276B0113694ECC62913311E2580857754AA890173DFAA9D95AFAD6396BB741.EXE
999bc5e16312db6abff5f6c9e54c546f
999bc5e16312db6abff5f6c9e54c546f.bin
AYjfwvHaAUVRpNm.exe
WkSnPFATsCadmcj.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications